
I hope I'm not being paranoid


8 replies to this topic

#1 Gozza53


Posted 24 February 2018 - 10:33 AM

Hi, this is my first post and I admit it was because I've been having problems. Sorry in advance for the length.

 

It started when my Logitech wireless mouse and keyboard combo became slow and intermittent. That was soon followed by internet connection problems through Firefox which also affected my Mozilla email account. 'Connection is not secure'. Basically my usual sites (and servers) were supposedly set up insecurely and required temporary exemption certificates. The internet became unusable, as you can imagine.

 

I used the laptop to test the internet and there were no problems, which told me the fault was inside my desktop, and it wasn't connected with my router. The Logitech .DLL issue Missing Entry: Logifetch etc, was simply done by relocating the wireless receiver in another USB port. The certificate problem remained.

 

I tried numerous routes to resolve the problem, including using Malwarebytes on top of my McAfee suite to see if anything nasty had got through.

 

In Task Manager I found something odd under 'apps running' so opened the file in its location which was in a folder (C:/Prog Files/b0cdf084161ec60384cda43e155c3e4d). Inside was an executable programme with a symbol of a dog inside a red circle with a red slash across it. There was an icon below which looks like a magnifying glass (but could be a key), followed by 5 Application extension files and 2 DAT files.

 

There were on first inspection two seemingly identical executable files (3718f65992eb0faa57b160e73ff72435.exe), so in my desperate state I tried to delete the whole folder by shredding it in McAfee. The only thing that disappeared was the second executable file. The good thing was that the problem of the security certificate and exemption certificates had gone, and all seems to be normal with one difference.

 

The search tool in the Firefox browser switched from DuckDuckGo to Google. Could the problem have been with my search tool?

 

Anyway I don't know how this problem happened but others use my desktop. The weird folder is still intact and defies any deletion or alteration, so I have a few questions to put to this forum.

 

1 Do I need anything else to sit alongside McAfee to boost security?

2 Is the executable file known, and is it dangerous?

3 Could there be any link between my mouse/keyboard problems and my internet security issue?

 

Thanks for your time in advance.

 

 




 


#2 Didier Stevens


Posted 24 February 2018 - 02:27 PM

Certificate problems can be caused when your computer clock is set wrong. Did you check that?

 

Please upload the files to VirusTotal and report here.

VirusTotal Upload:


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 rp88


Posted 24 February 2018 - 05:11 PM

Just in reference to your first question, NoScript (browser security extension for Firefox) might be worth having to give general improvements to your security. It won't help fix this issue, whatever it might be at present, but it will make infection in future much less likely.

Edited by rp88, 24 February 2018 - 05:12 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB

#4 Gozza53


Posted 26 February 2018 - 10:15 AM

Thanks Didier. I did as you suggested and I'm posting the results below.

 

https://www.virustotal.com/#/file/f880ec8393cfc13e5cd5d7e6b6c188b932105ecd3fe8ed367a53319d2a7eceaa/detection

 

Five virus checkers flagged the executable file up as concerning. I just need to know how I can remove it!!!

 

I've tried shredding through McAfee with no luck. Not sure how it gets past most of the other virus checkers either.

 

Setting the clock time incidentally was my first attempt at resolving the issue. As it now stands I don't have a problem with accessing the web or using email servers, but I don't know what this is actually doing.

 

If anyone can help further I would appreciate it.

 

Thanks in advance.



#5 Didier Stevens


Posted 26 February 2018 - 12:01 PM

This looks like malware, maybe adware.

 

I suggest you start a new post to get your machine cleaned in this forum:

https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/


Edited by Didier Stevens, 26 February 2018 - 12:01 PM.



#6 Gozza53


Posted 26 February 2018 - 04:15 PM

Didier,

 

Thanks for the advice on a clean-up. VirusTotal is a really useful tool to know about.

 

However, I managed at last to delete the folder and its contents (contents first and then the folder). Perhaps it gave up after so much persistence? Afterwards I ran Malwarebytes. There are now no threats detected on my machine, or at least none that McAfee and Malwarebytes can detect!

 

My question is: Would this 'malware' that was on my machine be responsible for the problems I was experiencing with regard to internet and e-mail server security?

 

Thanks again



#7 Didier Stevens


Posted 27 February 2018 - 01:40 PM

Can you confirm that your clock was wrong? By how much time?




#8 Gozza53


Posted 28 February 2018 - 07:36 AM

The clock was correct when I checked, which is why I thought other issues were the cause of my security certificate problems. I changed it to first make it read incorrectly and then changed it back to the correct settings just in case it was a clock-related issue.

 

What I did note at the time of my problem was that some of the files were showing the date for the following day even though the clock was set correctly. They are all as they should be now.



#9 Didier Stevens


Posted 01 March 2018 - 06:13 PM

Then it was probably not a clock issue.

